HIPAA CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT EMPLOYEE DOCUMENTATION OF HIPAA OMNIBUS RULE TRAINING
THIS AGREEMENT entered into this ___ day of _______________________, 20___, by and between _______________________________, hereinafter referred to as the “Healthcare Facility” and _______________________________, hereinafter referred to as the “Employee”, sets forth the terms and conditions under which information created or received by or on behalf of this Healthcare Facility may be used or disclosed under state law and the Health Insurance Portability and Accountability Act of 1996 and updated through HIPAA Omnibus Rule of 2013 and will also uphold regulations enacted thereunder (hereafter “HIPAA”).
THEREFORE, in consideration of the premises and the covenants and agreements contained herein, the parties hereto, intending to be legally bound hereby, covenant and agree as follows:
- All parties acknowledge that meaningful employment may or will necessitate disclosure of confidential information by this Healthcare Facility to the Employee and use of confidential information by the Employee. Confidential information includes, but is not limited to, the Protected Health Information (PHI), any information about patients or other employees, any computer log-on codes or passwords, any patient records or billing information, any patient lists, any financial information about this Healthcare Facility or its patients that is not public, any intellectual property rights of Practice, any proprietary information of Practice and any information that concerns this Healthcare Facility’s contractual relationships, relates to this Healthcare Facility’s competitive advantages, or is otherwise designated as confidential by this Healthcare Facility.
- Disclosure and use of confidential information includes oral communications as well as display or distribution of tangible physical documentation, in whole or in part, from any source or in any format (e.g., paper, digital, electronic, internet, social networks like Facebook™ or Instagram™ posting, magnetic or optical media, film, etc.). The parties have entered into this Agreement to induce use and disclosure of confidential information and are relying on the covenants contained herein in making any such use or disclosure. This Healthcare Facility, not the Employee, is the records owner under state law and the Employee has no right or ownership interest in any confidential information.
- Confidential information will not be used or disclosed by the Employee in violation of applicable law, including but not limited to HIPAA Federal and State records owner statute; this Agreement; the Practice’s Notice of Privacy Practices, as amended; or other limitations as put in place by Practice from time to time. The intent of this Agreement is to ensure that the Employee will use and access only the minimum amount of confidential information necessary to perform the Employee’s duties and will not disclose Confidential information outside this Healthcare Facility unless expressly authorized in writing to do so by this Healthcare Facility. All Confidential information received (or which may be received in the future) by Employee will be held and treated by him or her as confidential and will not be disclosed in any manner whatsoever, in whole or in part, except as authorized by this Healthcare Facility and will not be used other than in connection with the employment relationship.
- The Employee understands that he or she will be assigned a log-on code or password by Practice, which may be changed as this Healthcare Facility, in its sole discretion, sees fit. The Employee will not change the log-on code or password without this Healthcare Facility’s permission. Nor will the Employee leave confidential information unattended (e.g., so that it remains visible on computer screens after the Employee’s use). The Employee agrees that his or her log-on code or password is equivalent to a legally-binding signature and will not be disclosed to or used by anyone other than the Employee. Nor will the Employee use or even attempt to learn another person’s log-on code or password. The Employee immediately will notify this Healthcare Facility’s HIPAA Privacy Officer upon suspecting that his or her log-on code or password no longer is confidential. The Employee agrees that all computer systems are the exclusive property of Practice and will not be used by the Employee for any purpose unrelated to his or her employment. The Employee acknowledges that he or she has no right of privacy when using this Healthcare Facility’s computer systems and that his or her computer use periodically will be monitored by this Healthcare Facility to ensure compliance with this Agreement and applicable law.
- Immediately upon request by this Healthcare Facility, the Employee will return all confidential information to this Healthcare Facility and will not retain any copies of any confidential information, except as otherwise expressly permitted in writing signed by this Healthcare Facility. All confidential information, including copies thereof, will remain and be the exclusive property of this Healthcare Facility, unless otherwise required by applicable law. The Employee specifically agrees that he or she will not, and will not allow anyone working on their behalf or affiliated with the Employee in any way, use any or all of the confidential information for any purpose other than as expressly allowed by this Agreement. The Employee understands that violating the terms of this Agreement may, in this Healthcare Facility’s sole discretion, result in disciplinary action including termination of employment and/or legal action to prevent or recover damages for breach. Breach reporting is imperative.
- The parties agree that any breach of any of the covenants or agreements set forth herein by the Employee will result in irreparable injury to this Healthcare Facility for which money damages are inadequate; therefore, in the event of a breach or an anticipatory breach, Practice will be entitled (in addition to any other rights and remedies which it may have at law or in equity, including money damages) to have an injunction without bond issued enjoining and restraining the Employee and/or any other person involved from breaching this Agreement.
- This Agreement shall be binding upon and inure to the benefit of all parties hereto and to each of their successors, assigns, officers, agents, employees, shareholders and directors. This Agreement commences on the date set forth above and the terms of this Agreement shall survive any termination, cancellation, expiration or other conclusion of this Agreement unless the parties otherwise expressly agree in writing.
- The parties agree that the interpretation, legal effect and enforcement of this Agreement shall be governed by the laws of the State and by execution hereof, each party agrees to the jurisdiction of the courts of the State. The parties agree that any suit arising out of or relating to this Agreement shall be brought in the county where this Healthcare Facility’s principal place of business is located.
IN WITNESS WHEREOF, and intending to be legally bound, the parties hereto have executed this Agreement on the date first above written, when signing below and after training on HIPAA Law with full understanding this agreement shall stand.
EMPLOYEE DOCUMENTATION OF HIPAA PRIVACY TRAINING
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires our privacy officer to train employees on our health information privacy policies and procedures to the HIPAA Omnibus Standards of 2013, which also includes HITECH and Protected Health Information (PHI), Electronic Protected Health Information (ePHI) and Electronic Health Records (EHR). All employees with treatment, payment or healthcare operations responsibilities, which allow access to protected health information, are trained with updates periodically as State and Federal mandates require. HIPAA also requires that we keep this documentation (that the training was completed) for six years after the training.
I, the undersigned, do hereby certify that I have received, read, understood and agree to abide by this Healthcare Facility’s HIPAA Policies and Operating Procedures.